CyberMaxx Principal SOC Analyst Jeremy Weidner shares the true meaning of Threat Hunting and why the connection to MDR is so important for companies to understand.
Video Transcript
Hey everyone, my name is Jeremy Wiedner, and I am a principal analyst in the Security Operations Center here at CyberMaxx.
Over the last decade, as more attention and focus has been given to threat hunting, I have continued to see confusion and misinformation persist about what it is. To this day, many security vendors are trying to cash in on this hot topic. The term threat hunting is applied to various services that are not actually threat hunting. So, as a protector of your company, how do you sift through the noise and marketing material to make sure you are getting threat hunting? Well, that very question is why we wrote this eBook. We want to help you understand what threat hunting is and is not, so you can free up your time and focus on protecting your company.
Here at CyberMaxx, we define threat hunting as:
“The proactive, human-led pursuit, guided by threat intelligence, that seeks to discover adversary activity that has evaded existing security controls. Its goals are to reduce dwell time, minimize the negative impact of security incidents to the business, reduce the attack surface, and improve overall security posture.”
You might be asking yourself why threat hunting is important to me and why I am so passionate about it. I first heard this anecdote at the start of my career in law enforcement, but it applies no less to those who have chosen cybersecurity as their profession and threat hunting in particular. It is about society, wolves, and sheepdogs.
First, we have society, which is made up of kind people who enjoy going about their daily lives in their jobs and with their family and friends. They may not even realize they are a target for cybercrime.
Next, we have wolves. These are evil people in the world capable of evil deeds. They feed on society without mercy, as evidenced by the many data breaches, identity thefts, and ransomware events each year, just to name a few.
Lastly, we have the sheepdogs, who are funny critters. They live to protect society and confront the wolves. They are always sniffing around the perimeter, checking the breeze, and barking at things that go bump in the night, looking for any signs of the wolf. In essence, hunting the wolf.
I am a sheepdog. As a law enforcement officer, I often went out looking, “hunting” if you will, for crime in my sector instead of just waiting for a call. I often found it and was able to keep my city safer because of it. Now, fast forward several years, and I still apply this same proactive hunting in my passion for cybersecurity. I prefer to be proactive and take the fight to the wolves instead of waiting for them to strike the clients I protect. The best way to do this is by threat hunting.
So, as you dive into threat hunting, here are a couple of things to keep in mind:
- Take on a “We have been breached but don’t know it” mentality.
- Not every hunt is going to find a breach in your environment.
- Other risks may be found that should be addressed to improve overall security posture.
Let’s take a moment to make the connection between Threat Hunting and MDR here at CyberMaxx. When threat hunting uncovers a previously unknown breach, it often leads to new threat intelligence and new ways to detect adversary activity. This provides MDR analysts with higher fidelity alerts. In addition, when a threat hunter does find a previously undetected compromise, the response portion of MDR allows zero-latency proactive response actions to be taken to contain and mitigate the threat on the client’s behalf before ever picking up the phone.
Thank you for listening, and if you would like more information, please read my eBook, Threat Hunting Done Right.